Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

11 – 20 of 46 results

CVE-2021-41819

Medium priority
Fixed

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

4 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby2.3 Fixed
ruby2.5 Fixed Ignored
ruby2.7 Fixed Ignored
ruby3.0 Fixed Ignored
Show less packages

CVE-2021-41817

Medium priority
Fixed

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

4 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby2.3 Fixed
ruby2.5 Fixed Ignored
ruby2.7 Fixed Ignored
ruby3.0 Fixed Ignored
Show less packages

CVE-2021-41816

Medium priority
Fixed

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also...

4 affected packages

ruby2.3, ruby2.5, ruby2.7, ruby3.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby2.3 Not affected
ruby2.5 Not affected Ignored
ruby2.7 Fixed Ignored
ruby3.0 Fixed Ignored
Show less packages

CVE-2021-32066

Medium priority
Fixed

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-31799

Medium priority
Fixed

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-31810

Low priority
Fixed

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2021-28965

Medium priority

Some fixes available 6 of 9

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing.

4 affected packages

ruby-rexml, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-rexml Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-25613

Low priority
Fixed

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release
ruby2.3 Not in release Not in release Fixed
ruby2.5 Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-10933

Low priority

Some fixes available 2 of 3

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size,...

5 affected packages

ruby1.9.1, ruby2.0, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby1.9.1 Not in release Not in release Not in release
ruby2.0 Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not affected
ruby2.5 Not in release Fixed Not in release
ruby2.7 Fixed Not in release Not in release
Show less packages

CVE-2020-10663

Medium priority

Some fixes available 2 of 7

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor...

5 affected packages

ruby-json, ruby2.1, ruby2.3, ruby2.5, ruby2.7

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ruby-json Not affected Not affected Not affected Needs evaluation Needs evaluation
ruby2.1 Not in release Not in release Not in release Not in release Not in release
ruby2.3 Not in release Not in release Not in release Not in release Fixed
ruby2.5 Not in release Not in release Not in release Fixed Not in release
ruby2.7 Not affected Not in release Not in release
Show less packages
  1. Previous page
  2. 1
  3. 2
  4. 3
  5. 4
  6. 5
  7. Next page
Export to JSON